The Nest Secure has a hidden microphone, and Google didn't tell owners for 18 months

Comments

  • Reply 21 of 62
    This meme that Google is evil and spying on you and Apple is secure and benevolent is absolutely hilarious to anyone that doesn't have their head completely and securely up their ass.
    edited February 20
  • Reply 22 of 62
    This meme that Google is evil and spying on you and Apple is secure and benevolent is absolutely hilarious to anyone that doesn't have their head completely and securely up their ass.
    How do you *really* feel about this? :-)
    randominternetpersonwonkothesanewatto_cobra
  • Reply 23 of 62
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.

    PS: Let's also be clear that Nest Secure came out almost 4 years after Google acquired the company so anyone with trust issues with Google (which is most of us here) wouldn't have been a customer of this product anyway.
    I'm kind of surprised nobody had done a teardown and spotted it. Then again, it's not new Apple hardware so nobody cared enough? Nothing innovative to explore?
    watto_cobra
  • Reply 24 of 62
    Soli Posts: 9,275 member
    Soli said:
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch… and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie" and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
    Please note that the original introduction of 802.11n in the MacBook line at date of ratification was a software update since the WiFi cards present in the devices just before 802.11n was ratified already implemented the 802.11n standard in its 'draft' form.
    That’s the point! Just as Nest updated SW to enable undisclosed HW. Unused HW elements are common as fuck in electronics. Radios in iPhones have included FM for years and yet no mention of the feature and no SW to operate it because they specifically do not use it but it was part of the component so would they mention it?
    n2itivguy
  • Reply 25 of 62
    gatorguy Posts: 21,117 member
    rob53 said:
    Here comes another congressional investigation. This is blatant spying and Google needs to be held accountable. Everyone goes after Apple for a simple bug in Facebook they didn’t know existed while Google knows they put a microphone in this device and never told anyone. They can’t get away with this one. 
    An inactive microphone, but yes one existed. To be honest I would have been shocked if it did NOT have a microphone, in fact highly disappointed if it didn't as it would be handicapped and less functional than other security systems. How else to hear breaking glass or gunshots or whatever? The Nest Hello has one (of course) and the Nest security cams (of course), and I've made use of it on my Nest Cams several times. Without microphones they are far less useful for those buying them. 
    edited February 20 muthuk_vanalingam
  • Reply 26 of 62
    Google just doesn’t get it. Clearly privacy just isn’t on their radar...this was no accident. They just didn’t care enough to disclose it.
    GeorgeBMacwatto_cobra
  • Reply 27 of 62
    gatorguy Posts: 21,117 member
    I guess everyone who bought a Google Nest Secure forgot about Google getting caught sending unauthorized audio recordings from Google Home devices to their cloud only a few years ago.  Oh wait, that was just a bug--doesn't count I suppose.

    https://medium.com/snips-ai/google-home-minis-bug-shows-why-cloud-based-voice-assistants-are-a-bad-idea-6f1b4c569591
    LOL! Google wasn't "caught", it was a fabric flaw in the initial beta shipments that put too much tension on the center activation button. It was discovered because Google tells you everything the speaker thought you said, available for review in the user's account. YOUR private account data. It wasn't hidden and for that reason the flaw was discovered before retail units went out. Nothing sneaky or devious was going on despite your wish that there had been. ;)
    dws-2muthuk_vanalingam
  • Reply 28 of 62
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.

    PS: Let's also be clear that Nest Secure came out almost 4 years after Google acquired the company so anyone with trust issues with Google (which is most of us here) wouldn't have been a customer of this product anyway.
    Doesn’t matter. The fact that it was there should have been disclosed, as it does pose an attack vector should the device software or firmware be compromised. Customers not knowing it’s there, that a vector exists, is outrageous.
    dysamoriaavon b7watto_cobra
  • Reply 29 of 62
    Soli said:
    Soli said:
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch… and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie" and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
    Please note that the original introduction of 802.11n in the MacBook line at date of ratification was a software update since the WiFi cards present in the devices just before 802.11n was ratified already implemented the 802.11n standard in its 'draft' form.
    That’s the point! Just as Nest updated SW to enable undisclosed HW. Unused HW elements are common as fuck in electronics. Radios in iPhones have included FM for years and yet no mention of the feature and no SW to operate it because they specifically do not use it but it was part of the component so would they mention it?
    Give me a break. You don't see a difference between a WiFi modem that could be upgraded to use a newer standard (on one hand) and a completely new capability (a microphone) on the other? I'm not going overboard about this being nefarious, but it's certainly a mistake (as Google has conceded). Contrast this with Tesla's "autopilot" capabilities which were announced from day 1 as an evolving capability. A device that includes a microphone or camera is less secure than a device that does not, period. The fact that it could be activated remotely means that it's an attack vector for hackers.
    StrangeDaysGeorgeBMacwatto_cobra
  • Reply 30 of 62
    dws-2 Posts: 238 member
    conitor said:
    dws-2 said:
    Google has never been caught spying, unlike Facebook. Google does spy of course, but they so far have always been very clear and open on what information they collect. This is very, very different than Facebook, which either lies or obfuscates about how they collect and use information.
    A couple of samples:
    http://fortune.com/2017/11/22/google-oracle-location-data-privacy
    https://www.npr.org/sections/ed/2015/12/08/458460509/google-hit-with-a-student-privacy-complaint
    I get what you're saying, but I don't read the same nefarious intentions from those articles. In fact, here's a quote from the second one: "I think Google is not being as transparent as they could be," says Elana Zeide, a student privacy expert who is a research fellow at NYU's Information Law Institute. That's not the same tone as articles about Facebook, which is more or less, "They actively lie and hide information whenever they can."

    I think the issue is that we're losing trust, which is a good thing in general because these companies have very little commitment to privacy, and their business model is selling information about you. However, I see no evidence, not even the smallest hint, that Google used this microphone without user's knowledge.
    edited February 20
  • Reply 31 of 62
    davgreg said:
    I am sure that was an "accident". 

    This is one reason why I want a headless Mac in my home- not an iMac with a camera and mike that cannot be turned off. I can disconnect a USB connected camera and mike.
    What's wrong with a bit of black tape (for the camera) and a bit of cotton wool taped over the microphone?

    Per John Gruber and his security guest, modern Mac cameras are hardware-linked to the green “on” LED. It’s impossible for them to operate without the light coming on.
    edited February 20 randominternetpersonwatto_cobra
  • Reply 32 of 62
    lkrupp Posts: 7,313 member
    jungmark said:
    “Do no evil.” Right, more like “don’t get caught”. 

    A bug can be a mistake. Bugs happen. Not telling users there’s a mic in a product is a blatant lie. 
    Like not telling you your iPhone is being throttled to maintain battery performance? Just saying.
  • Reply 33 of 62
    This meme that Google is evil and spying on you and Apple is secure and benevolent is absolutely hilarious to anyone that doesn't have their head completely and securely up their ass.
    Low value post. Fact remains iOS is more secure than Android and Apple values customer privacy more than Google. 
    GeorgeBMacrandominternetpersonwatto_cobra
  • Reply 34 of 62

    Soli said:
    Soli said:
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch… and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie" and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
    Please note that the original introduction of 802.11n in the MacBook line at date of ratification was a software update since the WiFi cards present in the devices just before 802.11n was ratified already implemented the 802.11n standard in its 'draft' form.
    That’s the point! Just as Nest updated SW to enable undisclosed HW. Unused HW elements are common as fuck in electronics. Radios in iPhones have included FM for years and yet no mention of the feature and no SW to operate it because they specifically do not use it but it was part of the component so would they mention it?
    But you’re ignoring Avon’s point (yikes) - the Macs that received the N update already had wifi and that was known to customers. That’s unlike this situation where customers bought a device not knowing it had recording abilities whatsoever. This has real world ramifications, as it’s completely plausible that a zero-day exploit could make use of the undisclosed recording ability. Knowing the mic exists and choosing to buy it or not is the only action available to customers. Everyone who bought a Mac with wifi was already onboard with a device with wifi on it. 

    For it to be the same, it would have to have been Macs sold as having *no* wifi whatsoever. That would be a big deal. Like this. 
    GeorgeBMacwatto_cobra
  • Reply 35 of 62
    dws-2 said:
    Google has never been caught spying, unlike Facebook. Google does spy of course, but they so far have always been very clear and open on what information they collect. This is very, very different than Facebook, which either lies or obfuscates about how they collect and use information.

    The microphone was probably there to detect glass breaks or when the user was at home. Maybe they didn’t list it on the specs because it wasn’t working yet, and they didn’t want to indicate a feature they might never enable. I think there’s something similar on the Nest Protect, with some feature they later enabled.

    Edit: I’m not saying you should trust Google; just they’ve never lied about this sort of thing in the past, and there’s no reason, based on past behavior, to believe they lied in this case.
    They were found guilty of spying in Europe when their camera cars went around collecting random WiFi data.  Google, after being caught and convicted claimed they didn't know that they did it -- even though they refused to delete the data from their servers.

    That sounds like NSA type spying to me -- just collect everything you can get your hands on.
    watto_cobra
  • Reply 36 of 62
    Soli Posts: 9,275 member
    mknelson said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.

    PS: Let's also be clear that Nest Secure came out almost 4 years after Google acquired the company so anyone with trust issues with Google (which is most of us here) wouldn't have been a customer of this product anyway.
    I'm kind of surprised nobody had done a teardown and spotted it. Then again, it's not new Apple hardware so nobody cared enough? Nothing innovative to explore?
    It is a bit surprising. If this was an Apple product I assume it would’ve been caught. Even their SoCs are x-rayed and mapped with people trying to figure out the unknowns.
    watto_cobra
  • Reply 37 of 62
    Soli Posts: 9,275 member

    Soli said:
    Soli said:
    avon b7 said:
    Soli said:
    avon b7 said:
    Soli said:
    There's absolutely no evidence that this was a working microphone that was eavesdropping on anyone and let's be clear that Alphabet is the one that announced the update that enabled the microphone, not a blogger that discovered nefarious activity. For those looking for a conspiracy you'll have to look harder. This is no different from countless other tech companies that don't disclose inactive HW for a variety of reasons.
    I think in this particular case more could have been done to correct the error beforehand.

    A team of people were involved in designing, testing and producing the hardware. It is reasonable to think that some of these people would have used the finished product or given it to friends and family. It is unreasonable to assume that none of these people saw that a key (and consumer facing element - even if inactive) got missed on the spec list or in the product documentation.

    Also, this feature will have been in internal testing for a while before getting the go ahead to go live which would have provided more opportunities to catch the slip up.

    I'm with you that I don't see anything nefarious but it should have got caught and clarified earlier IMO.
    Apple infamously released a Mac with hidden 802.11n WiFi and then only announced it after the driver was ready for a launch… and then charged you a fee for it which pissed people off even though they had purchased the machine despite nary a mention of that being a promised feature.

    As I stated, this isn't uncommon and if you don't trust Google then Nest Secure was never an option for you anyway.

    How many products do we have on our person and in our homes with microphones? From security cameras to personal digital assistants to PCs to phones to my Apple Watch I can think of at least 8 off the top of my head. And while I trust Apple to not spy on me the bigger risk will always be exploiting a bug as we recently saw with FaceTime Group Chat.

    If I was running a company as valuable as Alphabet and I wanted to spy on people I wouldn't do it with an undisclosed, active microphone that could be found, I'd blatantly disclose the microphone (as all our CE already have) and then I'd have backdoor "bugs" built-in that people in-the-know could exploit so there's a level of deniability by the company. We accept bugs in SW and we accept that companies say "oopsie" and then close these holes once discovered.
    Wi-fi isn't comparable to this. Those machines already had Wi-Fi on them. All the update did was unlock support for 802.11n.
    You’re now claiming that 802.11n over 802.11g is just better code? Is this so you can later claim that Apple was being petty for a mere “software update”? 🤦‍♂️
    Please note that the original introduction of 802.11n in the MacBook line at date of ratification was a software update since the WiFi cards present in the devices just before 802.11n was ratified already implemented the 802.11n standard in its 'draft' form.
    That’s the point! Just as Nest updated SW to enable undisclosed HW. Unused HW elements are common as fuck in electronics. Radios in iPhones have included FM for years and yet no mention of the feature and no SW to operate it because they specifically do not use it but it was part of the component so would they mention it?
    But you’re ignoring Avon’s point (yikes) - the Macs that received the N update already had wifi and that was known to customers. That’s unlike this situation where customers bought a device not knowing it had recording abilities whatsoever. This has real world ramifications, as it’s completely plausible that a zero-day exploit could make use of the undisclosed recording ability. Knowing the mic exists and choosing to buy it or not is the only action available to customers. Everyone who bought a Mac with wifi was already onboard with a device with wifi on it. 

    For it to be the same, it would have to have been Macs sold as having *no* wifi whatsoever. That would be a big deal. Like this. 
    That’s irrelevant. It’s about undisclosed HW which is trying to be spun as something that doesn’t occur when it’s clear this happens all the time and without nefarious reasons. The same thing with the FM radios found in the combo radio component found in iPhones. That is an included HW feature of a component for which Apple hasn’t enabled and has never disclosed on their spec sheets for reasons that should be obvious.
    edited February 20 n2itivguy
  • Reply 38 of 62
    dws-2 said:
    Google has never been caught spying, unlike Facebook. Google does spy of course, but they so far have always been very clear and open on what information they collect. This is very, very different than Facebook, which either lies or obfuscates about how they collect and use information.

    The microphone was probably there to detect glass breaks or when the user was at home. Maybe they didn’t list it on the specs because it wasn’t working yet, and they didn’t want to indicate a feature they might never enable. I think there’s something similar on the Nest Protect, with some feature they later enabled.

    Edit: I’m not saying you should trust Google; just they’ve never lied about this sort of thing in the past, and there’s no reason, based on past behavior, to believe they lied in this case.
    That's not quite true.
    They were found guilty of spying in Europe when their camera cars went around collecting random WiFi data.  Google, after being caught and convicted claimed they didn't know that they did it -- even though they refused to delete the data from their servers.

    That sounds like NSA type spying to me -- just collect everything you can get your hands on.
    watto_cobra
  • Reply 39 of 62
    lkrupp said:
    jungmark said:
    “Do no evil.” Right, more like “don’t get caught”. 

    A bug can be a mistake. Bugs happen. Not telling users there’s a mic in a product is a blatant lie. 
    Like not telling you your iPhone is being throttled to maintain battery performance? Just saying.
    You can say it -- or spin it -- all you want.  But it's not an accurate statement.
    They didn't throttle it back to "maintain battery performance".
    They throttled it back because a weak battery would just shut down from 30-40% charge unexpectedly and without warning. And, the only way to restart it was to attach it to a charger. If you were out where you needed to rely on having a phone, that could be a dangerous situation.

    By throttling it back they eliminated the high demand which caused it to shut down the phone.
    But, the media created an anti-Apple story.

    For myself, it happened a number of times and I was very grateful for the minor inconvenience of a slow down in exchange to be able to rely on my phone.


    randominternetpersonn2itivguystompyphilboogiewatto_cobra
  • Reply 40 of 62
    Soli Posts: 9,275 member
    davgreg said:
    I am sure that was an "accident". 

    This is one reason why I want a headless Mac in my home- not an iMac with a camera and mike that cannot be turned off. I can disconnect a USB connected camera and mike.
    What's wrong with a bit of black tape (for the camera) and a bit of cotton wool taped over the microphone?

    Per John Gruber and his security guest, modern Mac cameras are hardware-linked to the green “on” LED. It’s impossible for them to operate without the light coming on.
    It’s all on a small circuit board so I do wonder if that could be bypassed (or tricked) since I can’t determine a direct line of connection or even an option for regulating the power flow that could enable the camera without making the LED “visually” observable to the user (e.g.: somehow making the LED technically on but being so dim that it’s indistinguishable to the viewer in a well lit room, which the malware could first determine by accessing the machine’s ambient light sensor). I’ve seen too many clever things in my life to assume something is unbreakable just because someone says so with confidence.

    (Note: I don’t cover my camera because if they have access to it they have access to a lot more that I want to protect)